CVE-2024-4009 - OpenCVE

Replay Attack in ABB, Busch-Jaeger, FTS Display (version 1.00) and BCU (version 1.3.0.33) allows attacker to capture/replay KNX telegram to local KNX Bus-System

Attack Vector Local

Attack Complexity Low

Privileges Required Low

Scope Unchanged

Confidentiality Impact High

Integrity Impact High

Availability Impact High

User Interaction None

No CVSS v3.0

No CVSS v2

Vendors & Products
CPE Configurations

Vendors	Products
Abb	2tma310011b0003 Firmware 2tma310011b0001 2tma310010b0003 2tma310011b0002 Firmware 2tma310011b0002 2tma310010b0003 Firmware 2tma310011b0003 2tma310011b0001 Firmware 2tma310010b0001 2tma310010b0001 Firmware

Configuration 1 [-]

AND

cpe:2.3:o:abb:2tma310010b0001_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:abb:2tma310010b0001:-:*:*:*:*:*:*:*

Configuration 2 [-]

AND

cpe:2.3:o:abb:2tma310011b0001_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:abb:2tma310011b0001:-:*:*:*:*:*:*:*

Configuration 3 [-]

AND

cpe:2.3:o:abb:2tma310011b0002_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:abb:2tma310011b0002:-:*:*:*:*:*:*:*

Configuration 4 [-]

AND

cpe:2.3:o:abb:2tma310010b0003_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:abb:2tma310010b0003:-:*:*:*:*:*:*:*

Configuration 5 [-]

AND

cpe:2.3:o:abb:2tma310011b0003_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:abb:2tma310011b0003:-:*:*:*:*:*:*:*

References

Link	Resource
https://search.abb.com/library/Download.aspx?DocumentID=9AKK108464A0803&LanguageCode=en&DocumentPartId=&Action=Launch	Vendor Advisory

History

No history.

MITRE Information

Status: PUBLISHED

Assigner: ABB

Published: 2024-06-05T17:19:07.010Z

Updated: 2024-06-06T13:55:44.509Z

Reserved: 2024-04-19T17:09:27.489Z

Link: CVE-2024-4009

JSON object: View

NVD Information

Status : Analyzed

Published: 2024-06-05T18:15:11.420

Modified: 2024-06-18T17:01:19.897

Link: CVE-2024-4009

JSON object: View

Redhat Information

No data.

CWE

CWE-294

{"dataType": "CVE_RECORD", "dataVersion": "5.1", "cveMetadata": {"cveId": "CVE-2024-4009", "assignerOrgId": "2b718523-d88f-4f37-9bbd-300c20644bf9", "state": "PUBLISHED", "assignerShortName": "ABB", "dateReserved": "2024-04-19T17:09:27.489Z", "datePublished": "2024-06-05T17:19:07.010Z", "dateUpdated": "2024-06-06T13:55:44.509Z"}, "containers": {"cna": {"affected": [{"collectionURL": "https://new.abb.com/products/de/2TMA310010B0001/sd-u12-55-11-825", "defaultStatus": "unaffected", "platforms": ["proprietary"], "product": "2.4! Display 55, SD/U12.55.11-825", "vendor": "ABB, Busch-Jaeger", "versions": [{"status": "affected", "version": "1.00", "versionType": "custom"}]}, {"collectionURL": "https://new.abb.com/products/de/2TMA310011B0001/sd-u12-55-1-825", "defaultStatus": "unaffected", "platforms": ["proprietary"], "product": "2.4! Display 55, SD/SD/U12.55.1-825", "vendor": "ABB, Busch-Jaeger", "versions": [{"status": "affected", "version": "1.00", "versionType": "custom"}]}, {"collectionURL": "https://new.abb.com/products/de/2TMA310010B0003/", "defaultStatus": "unaffected", "platforms": ["proprietary"], "product": "2.4! Display 63, SD/U12.63.11-825", "vendor": "ABB, Busch-Jaeger", "versions": [{"status": "affected", "version": "1.00", "versionType": "custom"}]}, {"collectionURL": "https://new.abb.com/products/de/2TMA310011B0003/rt-u12-86-1-825", "defaultStatus": "unaffected", "platforms": ["proprietary"], "product": "RoomTouch 4\", RT/U12.86.1-825", "vendor": "ABB, Busch-Jaeger", "versions": [{"status": "affected", "version": "1.00", "versionType": "custom"}]}, {"collectionURL": "https://new.abb.com/products/de/2TMA310010B0004/rt-u12-86-11-825", "defaultStatus": "unaffected", "product": "RoomTouch 4\", RT/U12.86.11-825", "vendor": "ABB, Busch-Jaeger", "versions": [{"status": "affected", "version": "1.00", "versionType": "custom"}]}, {"collectionURL": "https://new.abb.com/products/de/2TMA310010B0006/sd-u12-70-11-4015", "defaultStatus": "unaffected", "product": "2,4'' Display 70, SD/U12.70.11-4015", "vendor": "ABB, Busch-Jaeger", "versions": [{"status": "affected", "version": "1.00", "versionType": "custom"}]}, {"collectionURL": "https://new.abb.com/products/de/2TMA310011B00004/sd-u12-70-1-4015", "defaultStatus": "unaffected", "product": "2,4'' Display 70, SD-U12-70-1-4015", "vendor": "ABB, Busch-Jaeger", "versions": [{"status": "affected", "version": "1.00", "versionType": "custom"}]}, {"collectionURL": "https://new.abb.com/products/de/2TMA310010W0001/rt-u12-86-11-811", "defaultStatus": "unaffected", "platforms": ["proprietary"], "product": "RoomTouch 4\", RT/U12.86.11-811", "vendor": "ABB, Busch-Jaeger", "versions": [{"status": "affected", "version": "1.00", "versionType": "custom"}]}, {"collectionURL": "https://new.abb.com/products/de/2TMA310011W0001/rt-u12-86-1-811", "defaultStatus": "unaffected", "platforms": ["proprietary"], "product": "RoomTouch 4\", RT-U12-86-1-811", "vendor": "ABB, Busch-Jaeger", "versions": [{"status": "affected", "version": "1.00", "versionType": "custom"}]}, {"collectionURL": "https://new.abb.com/products/de/2CKA006120A0079/ba-u1-0-11", "defaultStatus": "unaffected", "platforms": ["proprietary"], "product": "BCU KNX, BA-U1.0.11", "vendor": "ABB, Busch-Jaeger", "versions": [{"status": "affected", "version": "1.3.0.33", "versionType": "custom"}]}, {"collectionURL": "https://new.abb.com/products/de/2CKA006120A0080/ba-u1-0-1", "defaultStatus": "unaffected", "platforms": ["proprietary"], "product": "BCU KNX, BA-U1.0.1", "vendor": "ABB, Busch-Jaeger", "versions": [{"status": "affected", "version": "1.3.0.33", "versionType": "custom"}]}, {"collectionURL": "https://new.abb.com/products/de/2CKA006120A0081/ba-u1-0-21", "defaultStatus": "unaffected", "platforms": ["proprietary"], "product": "BCU KNX, BA-U1.0.21", "vendor": "ABB, Busch-Jaeger", "versions": [{"status": "affected", "version": "1.3.0.33", "versionType": "custom"}]}], "datePublic": "2024-06-05T16:16:00.000Z", "descriptions": [{"lang": "en", "supportingMedia": [{"base64": false, "type": "text/html", "value": "<span style=\"background-color: rgb(255, 255, 255);\">Replay Attack</span>\n\nin ABB, Busch-Jaeger, FTS Display (version 1.00) and BCU (version 1.3.0.33) allows attacker to capture/replay KNX telegram to local KNX Bus-System <br><br>"}], "value": "Replay Attack\n\nin ABB, Busch-Jaeger, FTS Display (version 1.00) and BCU (version 1.3.0.33) allows attacker to capture/replay KNX telegram to local KNX Bus-System"}], "metrics": [{"cvssV3_1": {"attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 9.2, "baseSeverity": "CRITICAL", "confidentialityImpact": "LOW", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "CHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:C/C:L/I:H/A:H", "version": "3.1"}, "format": "CVSS", "scenarios": [{"lang": "en", "value": "GENERAL"}]}, {"cvssV4_0": {"Automatable": "NO", "Recovery": "NOT_DEFINED", "Safety": "NEGLIGIBLE", "attackComplexity": "LOW", "attackRequirements": "PRESENT", "attackVector": "LOCAL", "baseScore": 7.3, "baseSeverity": "HIGH", "privilegesRequired": "NONE", "providerUrgency": "GREEN", "subAvailabilityImpact": "HIGH", "subConfidentialityImpact": "LOW", "subIntegrityImpact": "HIGH", "userInteraction": "NONE", "valueDensity": "DIFFUSE", "vectorString": "CVSS:4.0/AV:L/AC:L/AT:P/PR:N/UI:N/VC:L/VI:H/VA:H/SC:L/SI:H/SA:H/S:N/AU:N/V:D/RE:M/U:Green", "version": "4.0", "vulnAvailabilityImpact": "HIGH", "vulnConfidentialityImpact": "LOW", "vulnIntegrityImpact": "HIGH", "vulnerabilityResponseEffort": "MODERATE"}, "format": "CVSS", "scenarios": [{"lang": "en", "value": "GENERAL"}]}], "providerMetadata": {"orgId": "2b718523-d88f-4f37-9bbd-300c20644bf9", "shortName": "ABB", "dateUpdated": "2024-06-05T17:19:07.010Z"}, "references": [{"url": "https://search.abb.com/library/Download.aspx?DocumentID=9AKK108464A0803&LanguageCode=en&DocumentPartId=&Action=Launch"}], "source": {"discovery": "UNKNOWN"}, "title": "Replay Attack in KNX Secure Devices", "x_generator": {"engine": "Vulnogram 0.2.0"}}, "adp": [{"metrics": [{"other": {"type": "ssvc", "content": {"timestamp": "2024-06-06T13:52:06.305528Z", "id": "CVE-2024-4009", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2024-06-06T13:55:44.509Z"}}]}}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:abb:2tma310010b0001_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "2FB4E951-BB1E-49EF-89E1-5FC528E7C39F", "versionEndExcluding": "1.02", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:abb:2tma310010b0001:-:*:*:*:*:*:*:*", "matchCriteriaId": "5887B6A4-F626-43C0-B660-18E9BCB7573A", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:abb:2tma310011b0001_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "47B72D86-BE3B-4E5E-AF78-D15B7BAAFB07", "versionEndExcluding": "1.02", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:abb:2tma310011b0001:-:*:*:*:*:*:*:*", "matchCriteriaId": "FF081477-A638-403C-B964-512AD9D778A1", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:abb:2tma310011b0002_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "BF7134CF-B90B-44C5-9AE9-634AD6390C82", "versionEndExcluding": "1.02", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:abb:2tma310011b0002:-:*:*:*:*:*:*:*", "matchCriteriaId": "B2040D08-9289-452C-87A1-0FDE70923797", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:abb:2tma310010b0003_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "90A07BBA-AC3C-43A4-87F5-B7873DE0E83E", "versionEndExcluding": "1.02", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:abb:2tma310010b0003:-:*:*:*:*:*:*:*", "matchCriteriaId": "EAB58037-6EC4-4816-B310-2D8000A1FF74", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:abb:2tma310011b0003_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "9125F6EB-0667-47AD-B2EA-F48FF5FE4D63", "versionEndExcluding": "1.02", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:abb:2tma310011b0003:-:*:*:*:*:*:*:*", "matchCriteriaId": "3D74D97B-D726-445F-9E69-9A613D466629", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}], "descriptions": [{"lang": "en", "value": "Replay Attack\n\nin ABB, Busch-Jaeger, FTS Display (version 1.00) and BCU (version 1.3.0.33) allows attacker to capture/replay KNX telegram to local KNX Bus-System"}, {"lang": "es", "value": "Replay Attack en ABB, Busch-Jaeger, FTS Display (versi\u00f3n 1.00) y BCU (versi\u00f3n 1.3.0.33) permite al atacante capturar/reproducir telegramas KNX al sistema de bus KNX local"}], "id": "CVE-2024-4009", "lastModified": "2024-06-18T17:01:19.897", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 7.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 1.8, "impactScore": 5.9, "source": "nvd@nist.gov", "type": "Primary"}, {"cvssData": {"attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 9.2, "baseSeverity": "CRITICAL", "confidentialityImpact": "LOW", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "CHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:C/C:L/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 2.5, "impactScore": 6.0, "source": "cybersecurity@ch.abb.com", "type": "Secondary"}]}, "published": "2024-06-05T18:15:11.420", "references": [{"source": "cybersecurity@ch.abb.com", "tags": ["Vendor Advisory"], "url": "https://search.abb.com/library/Download.aspx?DocumentID=9AKK108464A0803&LanguageCode=en&DocumentPartId=&Action=Launch"}], "sourceIdentifier": "cybersecurity@ch.abb.com", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-294"}], "source": "nvd@nist.gov", "type": "Primary"}]}